CVE-2010-2695
Summary
| CVE | CVE-2010-2695 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-07-12 17:30:00 UTC |
| Updated | 2018-10-10 19:59:00 UTC |
| Description | Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Xlightftpd | Xlight Ftp Server | 3.5 | All | All | All |
| Application | Xlightftpd | Xlight Ftp Server | 3.5.5 | All | All | All |
| Application | Xlightftpd | Xlight Ftp Server | 3.5 | All | All | All |
| Application | Xlightftpd | Xlight Ftp Server | 3.5.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| 66037 | OSVDB | osvdb.org | |
| Xlight FTP Server - what is new | CONFIRM | www.xlightftpd.com | Patch |
| Xlight FTP Server "SFTP" Directory Traversal Vulnerability - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.